Multiple vulnerabilities in Oracle Primavera
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2018-14718 CVE-2019-2512 CVE-2018-9206 CVE-2018-0732 |
| CWE-ID | CWE-264 CWE-20 CWE-434 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #3 is being exploited in the wild. |
| Vulnerable software |
Primavera Unifier Client/Desktop applications / Software for system administration Primavera P6 Enterprise Project Portfolio Management Server applications / Other server solutions |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Remote code execution
EUVDB-ID: #VU17053
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-14718
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to the failure to block the slf4j-ext class from polymorphic deserialization. A remote attacker can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPrimavera Unifier: 16.1 - 18.8
CPE2.3- cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:17.1:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security restrictions bypass
EUVDB-ID: #VU17054
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2512
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to insufficient input validation. A remote attacker can trick the victim into processing specially crafted input and bypass security restrictions to read and modify arbitrary system files.
Install update from vendor's website.
Vulnerable software versionsPrimavera P6 Enterprise Project Portfolio Management: 8.4.0.0 - 18.8.0.0
CPE2.3- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2.0.0:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Arbitrary file upload
EUVDB-ID: #VU15424
Risk: Critical
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2018-9206
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists in the plugin's source code that handles file uploads to PHP servers due to software allows upload of arbitrary files to the system. A remote unauthenticated attacker can upload arbitrary .htaccess file to impose security restrictions to its upload folder and upload backdoors and web shells.
Note: The vulnerability has been actively exploited for at least 3 years.
Mitigation
Install update from vendor's website.
Vulnerable software versionsPrimavera Unifier: 16.1 - 18.8
CPE2.3- cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:17.1:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Improper input validation
EUVDB-ID: #VU13325
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0732
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to improper handling of large prime values by the affected software during key agreement operations in a Transport Layer Security (TLS) handshake using an Ephemeral Diffie-Hellman (DHE) based cipher suite. A remote attacker can send a large prime value from a malicious OpenSSL server to a targeted OpenSSL client and cause the client to stop responding while generating a key for the prime value.
MitigationInstall update from vendor's website.
Vulnerable software versionsPrimavera P6 Enterprise Project Portfolio Management: 8.4.0.0 - 18.8.0.0
CPE2.3- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2.0.0:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
